AWS Code Sample
Catalog

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

ReencryptDataKey.java

ReencryptDataKey.java demonstrates how to decrypt an encrypted data key, and then immediately re-encrypt the data key under a different customer master key (CMK).

package aws.example.kms; import com.amazonaws.services.kms.AWSKMS; import com.amazonaws.services.kms.AWSKMSClientBuilder; import com.amazonaws.services.kms.model.ReEncryptRequest; import java.nio.ByteBuffer; public class ReencryptDataKey { public static void main(String[] args) { AWSKMS kmsClient = AWSKMSClientBuilder.standard().build(); // Re-encrypt a data key ByteBuffer sourceCiphertextBlob = ByteBuffer.wrap(new byte[]{Byte.parseByte("Place your ciphertext here")}); // Replace the following fictitious CMK ARN with a valid CMK ID or ARN String destinationKeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"; ReEncryptRequest req = new ReEncryptRequest(); req.setCiphertextBlob(sourceCiphertextBlob); req.setDestinationKeyId(destinationKeyId); ByteBuffer destinationCipherTextBlob = kmsClient.reEncrypt(req).getCiphertextBlob(); } }

Sample Details

Service: kms

Last tested: 2019-04-08

Author: AWS

Type: full-example

On this page: